Web cookies: the CNIL monitors and sanctions French websites

Web cookies: the CNIL monitors and sanctions French websites


Web cookies are important in the management of personal data. In fact, they are increasingly monitored by the CNIL. Indeed, the French National Commission for Information Technology and Liberties or CNIL is keeping a close eye on them. Preparing a website for data protection, voice search, accessibility or digital compatibility is essential today. At Authôt, we keep a close eye on the uses of these topics. For example, the CNIL recently pinned several French websites that refuse to give their visitors the freedom to not accept cookies. What are the stakes of this topic? What do companies risk? How does the CNIL go about monitoring and sanctioning? This is what we will see together here.

Discover Authôt Live

The CNIL: definition and missions

To begin with, what is the CNIL? Briefly, the French National Commission for Information Technology and Civil Liberties is an independent French administrative authority. According to the CNIL website, it was « created by the French Data Protection Act of January 6, 1978″. The purpose of the CNIL is to ensure the protection of personal data within files, computer treatments and papers. Both in the private and in the public domain. Therefore, computer science and new technologies must be at the service of humans. The technologies must not infringe on « human rights, human identity, privacy or individual or public liberties ».

In fact, its role is fivefold:

  • Alert;
  • Advise;
  • Inform;
  • Control;
  • Sanction.

In concrete terms, the CNIL is the regulator, the guarantor of the respect of personal data in France. This organization accompanies professionals in their compliance, informs and guides individuals concerning their rights and protection.


The CNIL sanctions French websites that do not facilitate the refusal of cookies

The CNIL sanctions French websites that do not facilitate the refusal of cookies

Today, the CNIL continues its momentum by tightening its policy on refusal of cookies on websites. Indeed, according to siecledigital.fr, on « May 18, 2021, Marie-Laure Denis, the president of the CNIL sent a formal notice to about twenty companies that do not allow users to easily refuse cookies ».

The companies that received this sanction from the CNIL had 1 month to comply. After that, they were exposed to sanctions that could go up to a levy of 2% of their turnover. In fact, according to the CNIL, it is very simple, one must follow the following principle: « refusing cookies should be as simple as accepting them« .

Curiously, among the companies pinned down, there are several international and public players. In its press release, the CNIL states that this first operation will be followed by similar actions in the coming months. This topic is a priority for the Commission’s controls in 2021. The websites of companies are under surveillance, under penalty of financial sanctions.

The framework concerning the use of web cookies is stricter. According to the CNIL, most « cookies are only there to track and know the Internet user, which violates the privacy of the latter ». From now on, since the end of summer 2020, companies must therefore inform their Internet users about personalized advertising and especially allow them to refuse cookies.


Refusing cookies: practices to review

The problem is that 9 months later, some companies have effectively complied with the new CNIL rules, but others are circumventing the process. Indeed, some breaches, and some bad practices can be seen on the web. For example, some websites force Internet users to click several times to refuse cookies…

Moreover, as Nextinpact.com points out, the CNIL reacts at the right time. Indeed, while « the RGPD has been in force for three years, it finally slams its fist on the table on a sensitive subject ».

The CNIL had already announced in April that controls would be required on the practices of acceptance, refusal of cookies and other tracers, and tracking devices on the web.

According to journaldunet.com, today « 86% of French websites comply, while 82% of foreign sites do not care ». The CNIL is a unique case in Europe. France is the only one to have this interpretation of compliance with the RGPD« .

According to the Irish CNIL, the DPC, if you deploy an accept button on your banner, you must give as much visibility, space to an option that allows you to refuse cookies. Otherwise, he can manage his preferences in this matter on a second level ». This is a flexibility that French websites would like to take advantage of.

Google postpones the abandonment of web cookies


Google postpones the abandonment of web cookies

Finally, the American giant Google is itself a « bad pupil » in this matter. Indeed, Google denounces the difficult practical implementation in a short time.

According to frenchweb.fr, Google has « announced Thursday, June 24, 2021, to postpone by 2 years its abandonment of cookies, these tracers that allow the search engine to sell advertising space ultra personalized but which bristle the defenders of data privacy« .

In fact, as announced on its blog, Google believes it needs more time to better respect the data and privacy of Internet users.

Until now, Google has been using « third-party cookies » small text files that collect data as users browse and are then used to learn more about them, to target them.

So Google is now working on other possibilities for its system. For example, segmentation by audience and not by individual… To be continued!

In short, when it comes to web cookies, the CNIL monitors and sanctions websites. The problem is that the implementation is debated and tedious. For companies and individuals, the changes remain important. Alternatives may have to be thought of for all actors of the sector. We will keep a close eye on the situation! As Speech To Text specialists, we ensure that the web is used correctly and that content is more accessible. To benefit from our expertise, contact us!

Discover Authôt Live

Authôt. You speak. We write.